Thala Consultancy Ltd

Privacy Policy

Background

This Policy sets out the obligations of Thala Consultancy Ltd, a company registered in England and Wales under company number 16482659, whose registered office is at 19 Smalley Avenue, Liverpool, England, L25 6FA (“the Company” , "we" , "us") regarding data protection and the rights of users (“data subjects”) in respect of their personal data.

Thala Consultancy Ltd takes your privacy very seriously and understands that you care how your personal data is used. We respect and value the privacy of all of our customers and will only collect and use personal data in ways that are described in this Policy, and in a manner consistent with our legal obligations and your rights under the law.

We respect and value the privacy of everyone who visits this website, www.thalaconsultancy.co.uk (“Our Site”) and we will only collect and use personal data in ways that are outlined in this Policy, and in a manner consistent with our legal obligations and your rights under the law.

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of this Privacy Policy is deemed to occur upon your first use of Our Site, and you will be required to read and accept this Policy when signing up to our mailing list or becoming a client. 

If you do not accept and agree to this Privacy Policy, you must stop using Our Site immediately.

1. Purpose of this Policy

This Policy describes how we collect and use personal data about you, in accordance with the UK General Data protection Regulation ("UK GDPR") and any other applicable date protection laws. Please read the following carefully to understand our practices regarding your personal data and how we treat it.

2. About Us

Thala Consultancy Ltd is an IT management & consultancy company registered in England and Wales under company number 16482659, with its registered office at 19 Smalley Avenue, Liverpool, England, L25 6FA.

For the purposes of the Data Protection Legislation and this policy, we are the "data controller," meaning we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this Privacy Policy.

If you have any questions about this Policy or our handling of your personal data, you may contact our Data Protection Officer (DPO) using the details provided in section 15 (Contact Us).

3. What is Personal Data?

Personal data is defined in the UK GDPR (EU Regulation 2016/679) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you or your clients that enables you or them to be identified. Personal data includes obvious information, such as your name and contact details, as well as less obvious information, such as identification numbers, electronic location data and other online identifiers. 

The personal data we use is detailed in section 5.

4. How We Collect Personal Data

We may obtain personal data about you when:

  • You request a call from us via Our Site.
  • You request a proposal for our services.
  • You engage us to provide services, and during the performance of those services.
  • You use or interact with Our Site.
  • You contact us by email through Our Site (e.g., submitting a query).

5. The Personal Data We Hold

The personal data we may collect includes:

  • Contact details (e.g., email address, phone number).
  • Records of communication with you.
  • Details of services you have received from us.
  • Information gathered from cookies when you use Our Site.
  • Usage data, such as IP address or device type.
  • Information relating to enquiries or complaints.
  • Information necessary for use to provide services to you. 

6. How We Use Your Personal Data 

We must have a lawful basis under the UK GDPR to process personal data.

We may process data for:

Contractual Purposes

  • To perform agreements entered into between you and us.
  • To perform agreements with our clients where you may be a contractor, supplier or customer. 

Legal Obligations

  • To comply with applicable laws and regulatory requirements. 

Legitimate Interests

Provided such interest do not override your rights, we may process personal data for:

  • Analytics and service improvement.
  • Marketing and business development.
  • Management and statistical purposes.

Consent

Where required, we will seek your consent for specific uses, such as marketing communications. You have the right to withdraw your consent at any time. 

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

Purposes for Which We May Use Your Data

We may use your personal data to:

  • Fulfil contractual obligations.
  • Provide information about services, events or activities you request or may be interested in (with your consent where required).
  • Seek feedback to improve our services.
  • Notify you of changes to our services.

We may anonymise or pseudonymise your data for analytical purposes. 

If you fail to provide the necessary information, we may be unable to perform our contract or comply with legal obligations.

We may also process your personal data without your knowledge where permitted by law. 

7. How Long We Keep Your Personal Data

We retain personal data for as long as necessary to fulfil the purposes for which it was collected. Typically, we retain personal data for no longer than 7 years, unless otherwise required by law or regulatory obligations.

When assessing what retention period is appropriate for your personal data, we consider:

  • Business needs and service requirements.
  • Legal and obligatory obligations.
  • The purposes for which we originally collected the data.
  • The nature and sensitivity of the data.
  • The purpose of collection.
  • Whether purposes can be achieved by another means. 

Change of Purpose

Where we need to use your personal data for another reason, other than for the purpose for which it was collected, we will only use it where that reason is compatible with the original purpose. Should it be necessary to use your personal data for a new purpose, we will notify you and explain the legal basis which allows us to do so before proceeding. 

8. Sharing Your Personal Data

Sharing with Third Parties

We may share your personal data with third parties:

  • Where required by law.
  • To administer our relationship with you.
  • Where we have a legitimate interest in doing so.

Third-Party Service Providers

These may include providers of:

  • IT and cloud services.
  • Professional and advisory services.
  • Administrative and marketing services.
  • Banking and payment services (e.g., Xero)

All third-party providers must implement appropriate security processes and may only process data for the specified purposes in accordance with our instructions.

Other Third Parties

We may also share your data:

  • In the event of a business sale, restructuring or similar transaction.
  • With regulators or authorities, where required by law. 

9.Where Do We Store Your Data?

In order to perform our contract with you, we may use external third parties based outside the EEA. The processing of your data may, therefore, involve a transfer of data outside the EEA. Whenever, we transfer your personal data outside the EEA, we ensure a degree of protection is afforded by implementing one of the following safeguards. 

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Data Protection Adequacy in non-EU Countries. 
  • Where there is not an adequate decision by the European Commission in relation to a country, we may use certain service providers under specific contracts approved by the European Commission which gives personal data the same protection it has in Europe.

10. Data Security

Using the internet to send information can never be completely secure. We will always do our best to protect your data, but we can not guarantee its security. You send data to Our Site at your own risk.

Once we receive your data, we use procedures and security features to keep it safe. 

In the event of a data breach:

  • All breaches must be immediately reported to the Data Protection Officer (DPO).
  • If there is a risk to the rights and freedoms of an individual (e.g., financial loss, breach of confidentiality, discrimination, reputational damage or other significant social or economic damage), the Information Commissioner's Office (ICO) will be notified within 72 hours.
  • If the risk is severe, affected individuals will be notified without undue delay. 

Notifications will include:

  • Categories and number of individuals affected.
  • Categories and number of records affected.
  • Contact details of the DPO.
  • Likely consequences of the breach.
  • Measures taken or proposed to mitigate effects. 

11. Your Rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal
    data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to its processing (see below).
  • Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) as there is something about your particular situation that makes you want to object to its processing. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to you or another data controller. If the processing is based on consent, this can be carried out by automated means.

To exercise these rights, contact hello@thalaconsultancy.co.uk 

We may request proof of identity before responding. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also charge a reasonable fee or refuse requests that are excessive or unfounded. 

12. Right to Withdraw Consent 

Where processing is based on consent, you nay withdraw it at any time by contacting us at hello@thalaconsultancy.co.uk. 

Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

13. Our Site Usage

We make all reasonable efforts to ensure content on Our Site is up to date. If you believe any information requires updating, please contact us through Our Site. 

Our Site uses cookies. Please see our Cookie Policy for details. 

Content

Our Site uses images sourced from Unsplash.com, subject to their licence agreement, which can be found at https://unsplash.com/plus/license.

External Links

Our Site may contain links to external sites. We are not responsible for the content or privacy policies of external sites. Users should exercise caution when clicking these links (e.g., clickable text, banners or image links to other websites). 

Shortened URLs

URL shortening is a technique used on the web to shorten URLs (Uniform Resource Locators). This technique is commonly used in social media. Users should exercise caution before clicking on shortened URL links and verify their authenticity before proceeding.

We cannot guarantee or verify the contents of any externally linked website. Users should, therefore, note they click on external links or shortened URLs at their own risk. We can not be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media features

Social media sharing buttons may allow you to share content directly to social media platforms. Use of these features is at your own discretion and you accept that doing so may publish content to your social media profile page. 

14. Changes to This Policy

We may update this Privacy Policy from time to time. This may be necessary, for example, if the law changes or if we change our business in a way that affects personal data protection. Any changes will be made available on this page. 

This Privacy Policy was last updated June 2025.

For more information about your rights as an individual under the GDPR, please visit the ICO:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation- gdpr/individual-rights

15. How to Make a Complaint 

If you have any questions or concerns about this Privacy Policy or if you would like to speak to us, please contact our Data Protection Officer at hello@thalaconsultancy.co.uk. 

If you are not satisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO).

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Helpline: 0303 123 1113 
  • Website: https://www.ico.org.uk/make-a-complaint

 

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.